BBM Protected FAQ
advertisement
BBM Protected FAQs – External 3/12/2015 This document aims to address some of the most frequently asked questions about BBM Protected; what it is, how it works, and how customers can purchase and deploy it. Click on the questions below to be taken directly to the answer in the document. Product Overview 1. Does BBM Protected Support IPhone & Android? .................................................................... 3 2. When will BBM Protected be available for iOS and Android? .................................................. 3 3. Can I extend BBM Protected chats to non-BBM Protected users? .......................................... 3 End User Experience 1. Can a BBM Protected user only talk to BBM Protected users within the company? ............ 3 2. How do I know if I am in a BBM Protected chat? ........................................................................ 3 3. How do you know which of your BBM contacts are also using BBM Protected? ................. 3 4. Can I cut and paste copy in to a BBM Protected chat from another application? ................. 3 5. What is the auto-passphrase capability that is available with the upcoming release of BBM Protected?....................................................................................................................................... 4 6. What happens if my organization does not turn on the auto-passphrase policy but the organization in which I am interacting with has the auto-passphrase policy turned on? ..... 4 IT Admin Experience 1. Is a BES required to use BBM Protected? .................................................................................. 4 2. What BES licenses are required for BBM Protected to work? ................................................. 4 3. My company already uses Microsoft Lync, why would I want BBM Protected? .................... 4 4. How does BBM Protected interact with Enterprise Identity by BlackBerry? ......................... 4 5. Do I need to order Enterprise Identity by BlackBerry when I order BBM Protected?............. 4 6. How does BBM Protected secure data at the rest on iPhone and Android devices? ........... 5 7. How does BBM Protected work to add additional encryption to BBM messages? .............. 5 8. Does the added encryption offered by BBM Protected apply to BBM Voice and BBM Video calls? ......................................................................................................................................................... 5 9. Does this mean that regular or personal BBM Chats are not secure? .................................... 5 10. Can BlackBerry read BBM Protected messages? ..................................................................... 5 BBM Protected FAQs – External 3/12/2015 1 11. Does BBM Protected mean that BBM messages are automatically logged? ......................... 5 12. How do I enable BBM Protected for users at my organization? ............................................... 5 13. I am on BES 5 – where do I get the IT Policy Pack to enable BBM Protected? ...................... 6 14. Where would I get the source files for the BBM app in order to push this application to my users? ......................................................................................................................................................... 6 15. Is there Technical Support available for BBM Protected? ....................................................... 6 Requirements, Pricing, and Purchase 1. Is a BES required to use BBM Protected? .................................................................................. 6 2. What version of BlackBerry software is required for BBM Protected? .................................... 6 3. What version of BBM is required for BBM Protected? ............................................................. 6 4. What are Administration Requirements for BBM Protected? ................................................... 6 5. How do I purchase BBM Protected User licenses? ................................................................... 6 6. What is the cost of a BBM Protected User License? ................................................................ 7 7. Is the price per user or per device (for example if a user has multiple devices)? .................. 7 8. Where would I get the source files for the BBM app in order to push this application to my users? ......................................................................................................................................................... 7 9. How can I cancel my purchase of BBM Protected if I decide we no longer require it? ......... 7 10. How long is a BBM Protected user license valid for? How do I renew it? ............................... 7 11. Is there a BBM Protected trial available? ................................................................................... 7 12. Is there Technical Support available for BBM Protected? ........................................................ 7 BBM Protected FAQs – External 3/12/2015 2 Product Overview Answers 1. Does BBM Protected support iPhone & Android? BBM Protected is a cross platform service available to organizations with iPhone and Android devices in addition to those with BlackBerry OS and BlackBerry 10 smartphones. 2. When will BBM Protected be available for iOS and Android? BBM Protected licenses are available for sale for iOS and Android devices, as well as BlackBerry smartphones and can be purchases here. 3. Can I extend BBM Protected chats to non-BBM Protected Users? With this release of BBM (BBM 2.7 for iPhone & Android, BBM 10.7 for BlackBerry 10 OS, BBM 8.5.3 for BlackBerry OS: BBM 8.5.3 or higher) as a BBM Protected user you can now extend BBM Protected chat capabilities to non-BBM Protected users. Once the BBM Protected connection is established with the non-BBM Protected user, either user can initiate a secure chat environment. Now organizations subscribing to BBM Protected can extend Protected outside of their organization free of charge. Their customers, suppliers or partners simply install the BBM application on device and their communications with the Protected Plus users are always Protected. This feature can be turned on (or off) by an IT Admin via an Enterprise Identity by BlackBerry Admin Console ‘Protected Plus’ policy. End User Experience Answers 1. Can a BBM Protected user only talk to BBM Protected users within the company? BBM Protected users can continue to use the same app to chat and share with other BBM contacts like family and friends. When a company has enabled BBM Protected for a user, BBM messages sent to any other BBM Protected users will be secured at this higher level of encryption – these could be other BBM Protected users within the same organization, or BBM Protected users at another organization. This is one of the advantages offered by BBM Protected; out of the box secure messaging between organizations without the need for any federation or configuration. 2. How do I know if I am in a BBM Protected chat? While the aim is to make BBM Protected as seamless and transparent as possible for BBM users, there are a few ways to tell when you are having a BBM Protected chat: In the field where you type your BBM messages, you will see that it says ‘Protected. Enter a message’. You will find that as you type your message, it appears in blue whereas text in a chat using default BBM encryption will appear in black. When you’re in a BBM Protected Group, you will see a small lock symbol that appears at the top of the group lobby next to the BBM Group name. This serves as a reminder that this is a BBM Protected Group, meaning that all messages between all participants are encrypted using the advanced public/private key and only other BBM Protected users will be permitted to join the group. When the BBM Protected Plus policy is utilized on the BES, a dialogue box is presented to each user, indicating that they are initiating (or being invited to) a BBM Protected chat. The BBM Protected user also sees a BBM Protected policy notification in the BBM feeds. 3. How do you know which of your BBM contacts are also using BBM Protected? BBM Protected aims to make chatting with other BBM Protected users seamless by moving the security to the background so that it doesn’t get in the way of the user – therefore we don’t put a lot of emphasis on who is and isn’t a BBM Protected user. That said, when you go to start a new BBM chat, you will see that a small lock appears next to the names of other BBM Protected users on your BBM Contact list. 4. Can I cut and paste copy in to a BBM Protected chat from another application? BBM Protected FAQs – External 3/12/2015 3 Yes, BBM users can cut and paste freely in to a BBM Protected conversation. BBM Protected offers enhanced encryption of the chat without limiting in any way what kind of content can be shared. For instance, a BBM user can copy a phone number from a BBM Protected chat in to a chat with a non-BBM Protected user. This is yet another example of the seamless user experience plays an important role in the BBM Protected offering. 5. What is the auto-passphrase capability that is available with the upcoming release of BBM Protected? The auto-passphrase feature simplifies the invocation of BBM Protected chats by making the passphrase exchange happen automatically and seamlessly between two parties in a BBM Protected conversation. This feature can be turned on (or off) by an IT Admin via an Enterprise Identity by BlackBerry Admin Console policy. 6. What happens if my organization does not turn on the auto-passphrase policy but the organization in which I am interacting with has the auto-passphrase policy turned on? In a situation where one organization has the auto-passphrase policy turned on and the other does not, BBM Protected defaults to the highest level of security where the manual passphrase model is used. IT Admin Experience Answers 1. Is a BES required to use BBM Protected? No, BBM Protected no longer requires a BES. Customers looking to use BBM Protected with BlackBerry OS, BlackBerry 10 OS, iPhone and Android smartphones do not require a BES. The IT Administrator user management of BBM Protected is done through the Enterprise Identity by BlackBerry console – a service you get when you purchase your BBM Protected subscriptions. 2. What BES licenses are required for BBM Protected to work? Starting March 5, 2015, BBM Protected is now managed via Enterprise Identity by BlackBerry (EID), a new console separate from BES. Enterprise Identity by BlackBerry for managing BBM Protected is included at no additional cost when purchasing BBM Protected. 3. My company already uses Microsoft Lync, why would I want BBM Protected? While many organizations have invested in Unified Communication and Collaboration solutions like Microsoft Lync, mobile adoption of these solutions is often low. These desktop based enterprise Instant Messaging (IM) solutions often deliver a poor mobile user experience and frequently limit employees to communicating with other employees inside the organization. As a result, employees are going outside rd their corporate deployed EIM apps, communicating through unsanctioned 3 -party applications. BBM Protected allows users to use a single app to securely message contacts inside the company, as well family and friends outside the company. Plus, it offers a user experience built from the ground up for mobile. Lastly, BBM Protected is a cloud based solution, deployed, managed and controlled from BES but residing in BlackBerry’s secure, scalable and reliable infrastructure. BBM Protected will continue to work if an organizations own IT infrastructure has experienced a server outage or a catastrophic crash. By comparison, Microsoft Lync and Lotus Sametime are on-premise IM platforms that rely on licensed client / server software that is deployed, managed and controlled from within the firewall of the organization. 4. How does BBM Protected interact with Enterprise Identity by BlackBerry? Cross-platform user and entitlement management of the BBM Protected service for IT Administrators is provided by Enterprise Identity by BlackBerry. Enterprise Identity by BlackBerry provides a simplified, cloud-based Admin Console to manage and entitle users for BBM Protected and other enterprise applications. 5. Do I need to order Enterprise Identity when they order BBM Protected? No, Enterprise Identity by BlackBerry acts as the management system for BBM Protected but this capability, along with the majority of Enterprise Identity features, is included free-of-charge. However, Enterprise Identity features that manage other applications (e.g. Salesforce, Box), are separate and BBM Protected FAQs – External 3/12/2015 4 require purchase of Enterprise Identity. 6. How does BBM Protected secure data at rest on iPhone and Android devices? BBM on iOS and Android protects your BBM messages at rest by using SQLCipher to encrypt the BBM database. SQLCipher is open source software that provides transparent 256-bit AES encryption of databases. 7. How does BBM Protected work to add additional encryption to BBM messages? BBM Protected works by adding an additional level of encryption to messages sent between BBM Protected users by securing exchanging a set of public keys that are unique to those two users. The first time two BBM Protected users initiate a chat, a secret passphrase is shared by email, SMS, phone or in person. The passphrase can also be exchanged automatically using the auto-passphrase feature. Once the secret passphrase is verified, public signing and encryption keys are generated client-side on device, and exchanged between the two users allowing for this advanced encryption of messages. 8. Does the added encryption offered by BBM Protected apply to BBM Voice and BBM Video calls? BBM Protected encryption applies to BBM messages, attachments and files sent between BBM Protected users. It also applies to multi-person BBM chats where all participants are BBM Protected users and BBM Groups that have been established as Protected BBM Groups. It does not apply to BBM Voice and BBM Video calls at this time. More information on the security model used for BBM Voice and BBM Video calls can be found in the BBM Security Note available here. 9. Does this mean that regular or personal BBM Chats are not secure? Not at all. The default level of security offered by BBM today is already very secure, offering two layers of encryption for messages sent between BBM contacts. First, BBM uses TLS to establish a secure connection between the smartphone and the server. TLS is a common web standard that is used for online shopping and internet banking. Additionally, BBM messages are encrypted using a triple DES 168bit BBM scrambling key which encrypts messages leaving the sender’s phone, and authenticates and decrypts messages on the recipient’s phone. These two layers working together mean that you have secure messages flowing through a secure pipe. BBM Protected adds yet an additional layer of advanced encryption to this security model helping to meet the needs of the most security conscious organizations. 10. Can BlackBerry read BBM Protected messages? No, BlackBerry cannot read BBM Protected messages. The encryption keys used to secure messages sent between BBM Protected users are generated client side and stored on- device. BlackBerry is not the broker in this public key exchange. The enterprise itself does not have access to the encryption keys outside of the mobile device itself. 11. Does BBM Protected mean that BBM messages are automatically logged? No, BBM Protected is not a supervisory feature like logging or auditing. BBM Protected adds security and management features to BBM. BBM Protected customers may purchase BBM Protected message archiving through the BlackBerry Audit & Archiving Service (BAAS), which enables an admin to turn on message logging and store those messages on premise behind the company’s firewall, or in the cloud. 12. How do I enable BBM Protected for users at my organization? BBM Protected is applied to a user or user group via Entitlement in the Enterprise Identity by BlackBerry Administration Console. When deploying BBM Protected, complete the following tasks after purchasing the user licenses for BBM Protected and after Enterprise Identity by BlackBerry Administration Console setup: a. Admin logs in to the Enterprise Identity Administration Console b. In the left pane click Entitlements c. Select BBM Protected d. Click Invite User I. Invite a single user: enter email address BBM Protected FAQs – External 3/12/2015 5 II. Invite multiple users: click Browse to browse to a .csv file or text file that contains (one email address per line). Do not use a header in the file. III. Invite via Microsoft Active Directory groups use the Manage Groups capability e. Click Send Invite. 13. I am on BES 5 – where do I get the IT Policy Pack to enable BBM Protected? Starting March 5, 2015, BBM Protected is now managed via Enterprise Identity by BlackBerry (EID), a new console separate from BES. Enterprise Identity by BlackBerry for managing BBM Protected is included at no additional cost when purchasing BBM Protected. 14. Where would I get the source files for the BBM app in order to push this application to my users? After purchasing your BBM Protected User Licenses, you will be sent a Welcome email that includes a link to the download site to get the source files for the BBM apps. These source files can be used to push the BBM apps to the users who have been configured for BBM Protected. 15. Is there Technical Support available for BBM Protected? Yes. The BBM Protected user license comes with award-winning BlackBerry Technical Support which can be accessed online and via phone. Includes call-in IT admin support from BlackBerry Care for five Named Callers, and end-user self-service support resources. Requirements, Pricing, and Purchase Answers 1. Is a BES required to use BBM Protected? No, BBM Protected no longer requires a BES. Customers looking to use BBM Protected with BlackBerry OS, BlackBerry 10 OS, iPhone and Android smartphones do not require a BES. The IT Administrator user management of BBM Protected is done through the Enterprise Identity by BlackBerry console – a service you get when you purchase your BBM Protected subscriptions. 2. What are the client minimum system requirements for BBM Protected? For BlackBerry® OS devices, BBM Protected will work with BlackBerry OS version 6.0, 7.0, or 7.1 For BlackBerry® 10 devices, BBM Protected will work on BlackBerry 10 v 10.2, 10.2.1, or 10.3 For iPhone, BBM Protected will work on iOS 6.0 or higher For Android devices, BBM Protected will work on Ice Cream Sandwich (4.0) or higher 3. What version of BBM is required for BBM Protected? For BlackBerry OS devices, BBM Protected requires BBM version 8.5.3 or higher For BlackBerry 10 devices, BBM Protected requires BBM version 10.7 or higher For iPhone, BBM Protected requires BBM version 2.7 or higher For Android devices, BBM Protected requires BBM version 2.7 or higher For iOS and Android devices BES is not required 4. What are Administration Requirements for BBM Protected? All of the IT Administration user management of BBM Protected is done through the Enterprise Identity by BlackBerry console – a service you are provided with for user and entitlement management as part of your BBM Protected subscriptions. No BES is required. 5. How do I purchase BBM Protected User licenses? You can purchase BBM Protected directly from store.blackberry.com, by contacting your BlackBerry sales representative, or through our global network of authorized resellers. 6. What is the cost of a BBM Protected User License? BBM Protected is an annual subscription, at $29.99 per user, per year. Please contact your BlackBerry BBM Protected FAQs – External 3/12/2015 6 Account Manager or authorized BlackBerry reseller for more information on pricing and availability. 7. Is the price per user or per device (for example if a user has multiple devices)? A BBM Protected User License is valid for 1 user on 1 device. If a user leaves the company, or an administrator wants to apply the BBM Protected User License to another user at the company, they can re-assign it at any time. 8. Where would I get the source files for the BBM app in order to push this application to my users? After purchasing your BBM Protected User Licenses, you will be provided with a Welcome email which will include a link to the download site to get the BBM Source Files in order to push the BBM applications to the users who have been set-up for BBM Protected. 9. How can I cancel my purchase of BBM Protected if I decide we no longer require it? BBM Protected User Licenses cannot be refunded or exchanged. 10. How long is a BBM Protected user license valid for? How do I renew it? BBM Protected User Licenses will be valid for 1 year from the date of purchase. A new BBM Protected User License will be required at the end of the 12 month term. 11. Is there a BBM Protected trial available? Yes. BlackBerry Account Managers can extend a 30-Day trial of BBM Protected to customers. Please contact your BlackBerry Account Manager or authorized BlackBerry reseller for more information. 12. Is there Technical Support available for BBM Protected? Yes. The BBM Protected user license comes with award-winning BlackBerry Technical Support which can be accessed online and via phone. Includes call-in IT admin support from BlackBerry Care for five Named Callers, and end-user self-service support resources. BBM Protected FAQs – External 3/12/2015 7
